mysql到msqli的转换

时间:2019-06-20 03:43:55

标签: php mysql mysqli

不建议使用Mysql。我在mysql中有一个代码想要转换为mysqli,但是我没有成功。

代码有效,但是我收到错误消息“不建议使用mysql扩展,以后将其删除:改用mysqli或PDO”

这是初始代码:

$connection = mysql_connect('host','root','password') or die ("Couldn't connect to server.");  
$db = mysql_select_db('database_name', $connection) or die ("Couldn't select database.");  

$result = mysql_query("SELECT * FROM customers WHERE cust_number ='$Cust_Number' ");

if( mysql_num_rows($result) > 0) {
    mysql_query("UPDATE `customers` SET cust_name='$Cust_Name', cust_phone='$Cust_Phone', cust_phone1='$Cust_Phone1', cust_email='$Cust_Email', cust_address='$Cust_Address' ");
}
else
{
    mysql_query("INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('$Cust_Number', '$Cust_Name', '$Cust_Phone', '$Cust_Phone1', '$Cust_Email', '$Cust_Address') ");
}

我尝试了以下转换:

$connection = mysqli_connect('host','root','password') or die ("Couldn't connect to server.");  
$db = mysqli_select_db($connection,'database_name') or die ("Couldn't select database."); 

if( mysqli_num_rows($result) > 0) {
    mysqli_query($connections,"UPDATE `customers` SET cust_name='$Cust_Name', cust_phone='$Cust_Phone', cust_phone1='$Cust_Phone1', cust_email='$Cust_Email', cust_address='$Cust_Address' ");
}
else
{
    mysqli_query($connections,"INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('$Cust_Number', '$Cust_Name', '$Cust_Phone', '$Cust_Phone1', '$Cust_Email', '$Cust_Address') ");
}

但这不起作用。

有人可以帮我转换mysqli或PDO中的初始代码吗?

1 个答案:

答案 0 :(得分:0)

您的mysqli_query()调用$connections,而您的连接是$connection,这就是代码失败的原因。

但是,值得注意的是,您的代码容易受到SQL injection的攻击。为避免这种情况,您需要使用prepared statements(MySQL连接器不存在的功能)。

这可以通过以下操作完成:

$connection = mysqli_connect('host','root','password') or die ("Couldn't connect to server.");  
$db = mysqli_select_db($connection,'database_name') or die ("Couldn't select database."); 

if (mysqli_num_rows($result) > 0) {
    $stmt = $this->mysqli->prepare("UPDATE `customers` SET cust_name='?', cust_phone='?', cust_phone1='?', cust_email='?', cust_address='?'");
    $stmt->bind_param('sssss', $Cust_Name, $Cust_Phone, $Cust_Phone1, $Cust_Email, $Cust_Address);
    $stmt->execute();
}
else
{
    $stmt = $this->mysqli->prepare("INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('?', '?', '?', '?', '?', '?') ");
    $stmt->bind_param('ssssss', $Cust_Number, $Cust_Name, $Cust_Phone, $Cust_Phone1, $Cust_Email, $Cust_Address);
    $stmt->execute();
}
相关问题
最新问题